Hi Mark,
It works great but there are two bugs. The first one is that even if the password is entered
correctly it shows the message "passwords don't match".
The other one is that when a user has been successfully deleted it doesn't show the message "User: ???? deleted". It still
shows "passwords don't match" when the user has been successfully deleted.
The code is shown below if that helps:
----
sub admin_display {
# --------------------------------------------------------
# Let's an admin add/update/remove users from the authorization file.
#
my ($message, @lines, $line);
# Do we have anything to do?
CASE: {
# If we've been passed in new_username, then we are adding a new user. Do
# some basic error checking and then add him into the password file.
$in{'new_username'} and do {
unless ((length($in{'new_username'}) >= 3) and (length($in{'new_username'}) <= 30) and ($in{'new_username'} =~ /^[a-zA-Z0-9]+$/)) {
$message = "Invalid username: $in{'new_username'}. Must only contain letters and numbers and be less then 12 and greater then 3 characters.";
last CASE;
}
unless ((length($in{'password'}) >= 3) and (length($in{'password'}) <= 30)) {
$message = "Invalid password: '$in{'password'}'. Must be less then 12 and greater then 3 characters.";
last CASE;
}
open (PASS, ">>$auth_pw_file") or &cgierr ("unable to open: $auth_pw_file.\nReason: $!");
if ($db_use_flock) {
flock(PASS, 2) or &cgierr("unable to get exclusive lock on $auth_pw_file.\nReason: $!");
}
my @salt_chars = ('A' .. 'Z', 0 .. 9, 'a' .. 'z', '.', '/');
my $salt = join '', @salt_chars[rand 64, rand 64];
my $encrypted = crypt($in{'password'}, $salt);
print PASS "$in{'new_username'}:$in{'password'}:$in{'per_view'}:$in{'per_add'}:$in{'per_del'}:$in{'per_mod'}:$in{'per_admin'}\n";
close PASS;
$message = "User: $in{'new_username'} created.";
last CASE;
};
# If we've been passed in delete, then we are removing a user.
# Check to make sure a user was selected then try and remove him.
###########################
$in{'delete'} and do {
unless ($in{'username'}) {
$message = "No username selected to delete.";
last CASE;
}
unless ($in{'password'}) {
$message = "No password supplied";
last CASE;
}
open (PASS, "<$auth_pw_file") or &cgierr ("unable to open: $auth_pw_file.\nReason: $!");
if ($db_use_flock) { flock(PASS, 1) }
@lines = <PASS>;
close PASS;
open (PASS, ">$auth_pw_file") or &cgierr ("unable to open: $auth_pw_file.\nReason: $!");
if ($db_use_flock) {
flock(PASS, 2) or &cgierr("unable to get exclusive lock on $auth_pw_file.\nReason: $!");
}
my $found = 0;
foreach $line (@lines) {
if (($line =~ /:$in{'password'}:/) && ($line =~ /^$in{'username'}:/)) {
$found = 1;
}
else {
print PASS $line;
}
}
close PASS;
if ($found) {
$message = "User: $in{'username'} deleted.";
&switch_to_user;
open (DB, "<$db_file_name") or &cgierr("unable to open db file: $db_file_name.\nReason: $!");
if ($db_use_flock) { flock(DB, 1); }
@lines = <DB>;
close DB;
LINE: foreach $line (@lines) {
if ($line =~ /^$/) { next LINE; }
if ($line =~ /^#/) { $output .= $line; next LINE; }
chomp ($line);
@data = &split_decode($line);
unless ($data[$auth_user_field] eq $in{'username'}) {
$output .= $line . "\n";
}
}
open (DB, ">$db_file_name") or &cgierr("unable to open db file: $db_file_name.\nReason: $!");
if ($db_use_flock) {
flock(DB, 2) or &cgierr("unable to get exclusive lock on $db_file_name.\nReason: $!");
}
print DB $output;
close DB; # automatically removes file lock
$output = '';
&switch_to_item;
open (DB, "<$db_file_name") or &cgierr("unable to open db file: $db_file_name.\nReason: $!");
if ($db_use_flock) { flock(DB, 1); }
@lines = <DB>;
close DB;
LINE: foreach $line (@lines) {
if ($line =~ /^$/) { next LINE; }
if ($line =~ /^#/) { $output .= $line; next LINE; }
chomp ($line);
@data = &split_decode($line);
unless ($data[$auth_user_field] eq $in{'username'}) {
$output .= $line . "\n";
}
}
open (DB, ">$db_file_name") or &cgierr("unable to open db file: $db_file_name.\nReason: $!");
if ($db_use_flock) {
flock(DB, 2) or &cgierr("unable to get exclusive lock on $db_file_name.\nReason: $!");
}
print DB $output;
close DB; # automatically removes file lock
}
else {
$message = "Unable to find userid: $in{'username'} in password file.";
}
last CASE;
};
# If we have a username, and the admin didn't press inquire, then
# we are updating a user.
($in{'username'} && !$in{'inquire'}) and do {
open (PASS, "<$auth_pw_file") or &cgierr ("unable to open: $auth_pw_file.\nReason: $!");
if ($db_use_flock) { flock(PASS, 1); }
@lines = <PASS>;
close PASS;
open (PASS, ">$auth_pw_file") or &cgierr ("unable to open: $auth_pw_file.\nReason: $!");
if ($db_use_flock) {
flock(PASS, 2) or &cgierr("unable to get exclusive lock on $auth_pw_file.\nReason: $!");
}
my $found = 0;
foreach $line (@lines) {
if ($line =~ /^$in{'username'}:/) {
my $password = (split (/:/, $line))[1];
unless ($password eq $in{'password'}) {
my @salt_chars = ('A' .. 'Z', 0 .. 9, 'a' .. 'z', '.', '/');
my $salt = join '', @salt_chars[rand 64, rand 64];
$password = crypt($in{'password'}, $salt);
}
print PASS "$in{'username'}:$in{'password'}:$in{'per_view'}:$in{'per_add'}:$in{'per_del'}:$in{'per_mod'}:$in{'per_admin'}\n";
$found = 1;
}
else {
print PASS $line;
}
}
$in{'inquire'} = $in{'username'};
$found ?
($message = "User: $in{'username'} updated.") :
($message = "Unable to find user: '$in{'username'}' in the password file.");
last CASE;
};
};
# Now let's load the list of users.
open (PASS, "<$auth_pw_file") or &cgierr ("unable to open: $auth_pw_file.\nReason: $!");
if ($db_use_flock) { flock(PASS, 1); }
@lines = <PASS>;
close PASS;
if ($in{'userdetails'}) {
$db_script_link_url = "http://192.172.1.99/imvda/db.cgi?db=user&uid=$username&view_records=1";
}
# If we are inquiring, let's look for the specified user.
my (@data, $user_list, $perm, $password, $IMVDARef, $CompanyName, $PhysicalAddress, $PostalAddress, $Region, $Phone, $Fax, $CellPhone, $Email, $Website);
$user_list = qq~<select name="username"><option> </option>~;
unless ($in{'password'} eq $in{'password2'}) {
$message = "passwords don't match";
}
LINE: foreach $line (@lines) {
$line =~ /^#/ and next LINE;
$line =~ /^\s*$/ and next LINE;
chomp $line;
@data = split (/:/, $line);
push (@users,$data[0]);
if ($in{'inquire'} and ($in{'username'} eq $data[0])) {
if ($in{'password'} eq $data[1]) {
$password = $data[1];
$perm = qq|
View <input type=checkbox name="per_view" value="1" |;
($data[2] and $perm .= "CHECKED"); $perm .= qq|>
Add <input type=checkbox name="per_add" value="1" |;
($data[3] and $perm .= "CHECKED"); $perm .= qq|>
Delete <input type=checkbox name="per_del" value="1" |;
($data[4] and $perm .= "CHECKED"); $perm .= qq|>
Modify <input type=checkbox name="per_mod" value="1" |;
($data[5] and $perm .= "CHECKED"); $perm .= qq|>
Admin <input type=checkbox name="per_admin" value="1" |;
($data[6] and $perm .= "CHECKED"); $perm .= qq|>|;
open (PASS, "<user.db") or &cgierr ("unable to open: user.db.\nReason: $!");
if ($db_use_flock) { flock(PASS, 1); }
my @user_data = <PASS>;
close PASS;
foreach $line (@user_data) {
@user_info = split(/\|/, $line);
last if ($user_info[1] eq $password);
}
$IMVDARef = $user_info[1];
$CompanyName = $user_info[2];
$PhysicalAddress = $user_info[3];
$PostalAddress = $user_info[4];
$Region = $user_info[5];
$Phone = $user_info[7];
$Fax = $user_info[8];
$CellPhone = $user_info[9];
$Email = $user_info[10];
$Website = $user_info[11];
} else {
$message = 'Password does not match!';
}
}
}
foreach $user (sort @users) {
if ($in{'inquire'} and ($in{'username'} eq $user)) {
$user_list .= qq~<option value="$user" SELECTED>$user</option>\n~;
}
else {
$user_list .= qq~<option value="$user">$user</option>\n~;
}
}
$user_list .= "</select>";
# Build the permissions list if we haven't inquired in someone.
if (!$perm) {
$perm = qq|
View <input type=checkbox name="per_view" value="1" |; ($auth_default_perm[0] and $perm .= "CHECKED"); $perm .= qq|>
Add <input type=checkbox name="per_add" value="1" |; ($auth_default_perm[1] and $perm .= "CHECKED"); $perm .= qq|>
Delete <input type=checkbox name="per_del" value="1" |; ($auth_default_perm[2] and $perm .= "CHECKED"); $perm .= qq|>
Modify <input type=checkbox name="per_mod" value="1" |; ($auth_default_perm[3] and $perm .= "CHECKED"); $perm .= qq|>
Admin <input type=checkbox name="per_admin" value="1" |; ($auth_default_perm[4] and $perm .= "CHECKED"); $perm .= qq|>|;
}
&html_admin_display ($message, $user_list, $password, $perm, $IMVDARef, $CompanyName, $PhysicalAddress, $PostalAddress, $Region, $Phone, $Fax, $CellPhone, $Email, $Website);
}